cybernews

fuite de donnée enregistrée

Latest News


CVE-2025-52485 - DNN Cross-Site Scripting (XSS) Vulnerability

CVE ID : CVE-2025-52485
Published : June 21, 2025, 3:15 a.m. | 58 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request to inject scripts in the Activity Feed Attachments endpoint which will then render in the feed. This issue has been patched in version 10.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 03:15:00 GMT

read more

CVE-2025-52486 - DNN TokenReplace URL Sanitation Vulnerability

CVE ID : CVE-2025-52486
Published : June 21, 2025, 3:15 a.m. | 58 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows specially crafted content in URLs to be used with TokenReplace and not be properly sanitized by some SkinObjects. This issue has been patched in version 10.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 03:15:00 GMT

read more

CVE-2025-52487 - DNN Bypass Login IP Filter Vulnerability

CVE ID : CVE-2025-52487
Published : June 21, 2025, 3:15 a.m. | 58 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 7.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted request or proxy to be created that could bypass the design of DNN Login IP Filters allowing login attempts from IP Addresses not in the allow list. This issue has been patched in version 10.0.1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 03:15:00 GMT

read more

CVE-2025-52488 - DNN NTLM Hash Exposure Vulnerability

CVE ID : CVE-2025-52488
Published : June 21, 2025, 3:15 a.m. | 58 minutes ago
Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been patched in version 10.0.1.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 03:15:00 GMT

read more

CVE-2025-52552 - FastGPT Open Redirect and DOM-Based XSS Vulnerability

CVE ID : CVE-2025-52552
Published : June 21, 2025, 3:15 a.m. | 58 minutes ago
Description : FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 03:15:00 GMT

read more

CVE-2025-52556 - "rfc3161-client TSA Signature Validation Bypass"

CVE ID : CVE-2025-52556
Published : June 21, 2025, 2:15 a.m. | 1 hour, 58 minutes ago
Description : rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trusted root(s), but fails to verify the TSR's own signature against the timestamping leaf certificates. Consequently, vulnerable versions perform insufficient signature validation to properly consider a TSR verified, as the attacker can introduce any TSR signature so long as the embedded leaf chains up to some root TSA. This issue has been patched in version 1.0.3. There is no workaround for this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 02:15:00 GMT

read more

CVE-2025-52557 - Mail-0's Zero JavaScript Injection Vulnerability

CVE ID : CVE-2025-52557
Published : June 21, 2025, 2:15 a.m. | 1 hour, 58 minutes ago
Description : Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 02:15:00 GMT

read more

CVE-2025-6394 - Code-projects Simple Online Hotel Reservation System SQL Injection Vulnerability

CVE ID : CVE-2025-6394
Published : June 21, 2025, 2:15 a.m. | 1 hour, 58 minutes ago
Description : A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_reserve.php. The manipulation of the argument firstname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 02:15:00 GMT

read more

CVE-2025-5475 - Sony XAV-AX8500 Bluetooth Integer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-5475
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Bluetooth packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26283.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-5476 - Sony XAV-AX8500 Bluetooth L2CAP Channel Isolation Authentication Bypass

CVE ID : CVE-2025-5476
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-5477 - Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-5477
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth L2CAP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26286.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-5478 - Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability

CVE ID : CVE-2025-5478
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth SDP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26288.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-5479 - Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution

CVE ID : CVE-2025-5479
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of the Bluetooth AVCTP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26290.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-5820 - Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass

CVE ID : CVE-2025-5820
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-6216 - Allegra Password Recovery Authentication Bypass Vulnerability

CVE ID : CVE-2025-6216
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : Allegra calculateTokenExpDate Password Recovery Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password recovery mechanism. The issue results from reliance upon a predictable value when generating a password reset token. An attacker can leverage this vulnerability to bypass authentication on the application. Was ZDI-CAN-27104.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-6217 - PEAK-System PCANFD Driver Information Disclosure Kernel Vulnerability

CVE ID : CVE-2025-6217
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the PCANFD_ADD_FILTERS IOCTL. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-24161.
Severity: 3.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-6218 - WinRAR Directory Traversal Remote Code Execution Vulnerability

CVE ID : CVE-2025-6218
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-6374 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6374
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-6375 - Poco Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-6375
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-6393 - TOTOLINK HTTP POST Request Handler Buffer Overflow Vulnerability

CVE ID : CVE-2025-6393
Published : June 21, 2025, 1:15 a.m. | 2 hours, 58 minutes ago
Description : A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX1200T 3.0.0-B20230809.1615/4.0.0-B20230531.1404/4.0.0-B20230721.1521/4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 01:15:00 GMT

read more

CVE-2025-6373 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6373
Published : June 21, 2025, 12:15 a.m. | 3 hours, 58 minutes ago
Description : A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Sat, 21 Jun 2025 00:15:00 GMT

read more

CVE-2025-6371 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6371
Published : June 20, 2025, 11:15 p.m. | 4 hours, 58 minutes ago
Description : A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 23:15:00 GMT

read more

CVE-2025-6372 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6372
Published : June 20, 2025, 11:15 p.m. | 4 hours, 58 minutes ago
Description : A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formSetWizard1 of the file /goform/formSetWizard1. The manipulation of the argument curTime leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 23:15:00 GMT

read more

CVE-2025-6369 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6369
Published : June 20, 2025, 10:15 p.m. | 5 hours, 58 minutes ago
Description : A vulnerability classified as critical has been found in D-Link DIR-619L 2.06B01. Affected is the function formdumpeasysetup of the file /goform/formdumpeasysetup. The manipulation of the argument curTime/config.save_network_enabled leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 22:15:00 GMT

read more

CVE-2025-6370 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6370
Published : June 20, 2025, 10:15 p.m. | 5 hours, 58 minutes ago
Description : A vulnerability classified as critical was found in D-Link DIR-619L 2.06B01. Affected by this vulnerability is the function formWlanGuestSetup of the file /goform/formWlanGuestSetup. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 22:15:00 GMT

read more

CVE-2025-6368 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6368
Published : June 20, 2025, 10:15 p.m. | 5 hours, 10 minutes ago
Description : A vulnerability was found in D-Link DIR-619L 2.06B01. It has been rated as critical. This issue affects the function formSetEmail of the file /goform/formSetEmail. The manipulation of the argument curTime/config.smtp_email_subject leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 22:15:00 GMT

read more

CVE-2025-6364 - Simple Pizza Ordering System SQL Injection Vulnerability

CVE ID : CVE-2025-6364
Published : June 20, 2025, 9:15 p.m. | 6 hours, 10 minutes ago
Description : A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 21:15:00 GMT

read more

CVE-2025-6365 - HobbesOSR Kitten ARM64 Resource Consumption Vulnerability

CVE ID : CVE-2025-6365
Published : June 20, 2025, 9:15 p.m. | 6 hours, 10 minutes ago
Description : A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 21:15:00 GMT

read more

CVE-2025-6367 - D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6367
Published : June 20, 2025, 9:15 p.m. | 6 hours, 10 minutes ago
Description : A vulnerability was found in D-Link DIR-619L 2.06B01. It has been declared as critical. This vulnerability affects unknown code of the file /goform/formSetDomainFilter. The manipulation of the argument curTime/sched_name_%d/url_%d leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 21:15:00 GMT

read more

CVE-2025-6363 - Simple Pizza Ordering System SQL Injection Vulnerability

CVE ID : CVE-2025-6363
Published : June 20, 2025, 8:15 p.m. | 7 hours, 10 minutes ago
Description : A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. It is possible to launch the attack remotely.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 20:15:00 GMT

read more

CVE-2025-48945 - Apache c-ares Use-After-Free DNS Channel Crash

CVE ID : CVE-2025-48945
Published : June 20, 2025, 8:15 p.m. | 5 hours, 57 minutes ago
Description : pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. The vulnerability has been fixed in pycares 4.9.0 by implementing a safe channel destruction mechanism.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 20:15:00 GMT

read more

CVE-2025-6361 - Simple Pizza Ordering System SQL Injection Vulnerability

CVE ID : CVE-2025-6361
Published : June 20, 2025, 8:15 p.m. | 5 hours, 57 minutes ago
Description : A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 20:15:00 GMT

read more

CVE-2025-6362 - Simple Pizza Ordering System SQL Injection

CVE ID : CVE-2025-6362
Published : June 20, 2025, 8:15 p.m. | 5 hours, 57 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 20:15:00 GMT

read more

CVE-2023-5600 - GitLab EE Information Disclosure Vulnerability

CVE ID : CVE-2023-5600
Published : June 20, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific references could be leaked through the service-desk custom email template.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 20:15:00 GMT

read more

CVE-2024-4025 - "GitLab Markdown DoS Vulnerability"

CVE ID : CVE-2024-4025
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 prior before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2024-4994 - GitLab CSRF GraphQL Mutation Execution Vulnerability

CVE ID : CVE-2024-4994
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab's GraphQL API leading to the execution of arbitrary GraphQL mutations.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-25034 - SugarCRM Object Injection Vulnerability

CVE ID : CVE-2025-25034
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the unserialize() function. This allows an unauthenticated attacker to submit crafted serialized data containing malicious object declarations, resulting in arbitrary code execution within the application context. Although SugarCRM released a prior fix in advisory sugarcrm-sa-2016-001, the patch was incomplete and failed to address some vectors.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-25037 - Aquatronica Controller System Information Disclosure Vulnerability

CVE ID : CVE-2025-25037
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-25038 - MiniDVBLinux OS Command Injection Vulnerability

CVE ID : CVE-2025-25038
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-34021 - Selea Targa SSRF

CVE ID : CVE-2025-34021
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-34022 - Selea Targa IP OCR-ANPR Path Traversal Vulnerability

CVE ID : CVE-2025-34022
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-34023 - Karel IP1211 Path Traversal Vulnerability

CVE ID : CVE-2025-34023
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : A path traversal vulnerability exists in the Karel IP1211 IP Phone's web management panel. The /cgi-bin/cgiServer.exx endpoint fails to properly sanitize user input to the page parameter, allowing remote authenticated attackers to access arbitrary files on the underlying system by using crafted path traversal sequences (e.g., ../../). This can expose sensitive files such as /etc/passwd and /etc/shadow.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-34024 - Edimax EW-7438RPn Command Injection Vulnerability

CVE ID : CVE-2025-34024
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacters to achieve arbitrary command execution as the root user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-34029 - Edimax EW-7438RPn Mini OS Command Injection

CVE ID : CVE-2025-34029
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : An OS command injection vulnerability exists in the Edimax EW-7438RPn Mini firmware version 1.13 and prior via the syscmd.asp form handler. The /goform/formSysCmd endpoint exposes a system command interface through the sysCmd parameter. A remote authenticated attacker can submit arbitrary shell commands directly, resulting in command execution as the root user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-34030 - Apache sar2html OS Command Injection Vulnerability

CVE ID : CVE-2025-34030
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by appending them to the plot parameter (e.g., ?plot=;id) in a crafted GET request. The output of the command is displayed in the application's interface after interacting with the host selection UI. Successful exploitation leads to arbitrary command execution on the underlying system.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-6359 - Code-projects Simple Pizza Ordering System SQL Injection Vulnerability

CVE ID : CVE-2025-6359
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cashconfirm.php. The manipulation of the argument transactioncode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-6360 - Simple Pizza Ordering System SQL Injection

CVE ID : CVE-2025-6360
Published : June 20, 2025, 7:15 p.m. | 4 hours, 56 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Simple Pizza Ordering System 1.0. This affects an unknown part of the file /portal.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 19:15:00 GMT

read more

CVE-2025-6358 - Code-Projects Simple Pizza Ordering System SQL Injection Vulnerability

CVE ID : CVE-2025-6358
Published : June 20, 2025, 6:15 p.m. | 5 hours, 56 minutes ago
Description : A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /saveorder.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 18:15:00 GMT

read more

CVE-2025-5121 - GitLab Compliance Framework Authorization Bypass

CVE ID : CVE-2025-5121
Published : June 20, 2025, 6:15 p.m. | 3 hours, 55 minutes ago
Description : An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.4 and 18.0 before 18.0.2. A missing authorization check may have allowed compliance frameworks to be applied to projects outside the compliance framework's group.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 18:15:00 GMT

read more

CVE-2025-6356 - Simple Pizza Ordering System SQL Injection Vulnerability

CVE ID : CVE-2025-6356
Published : June 20, 2025, 6:15 p.m. | 3 hours, 55 minutes ago
Description : A vulnerability was found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /addmem.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 18:15:00 GMT

read more

CVE-2025-6357 - "Code-Projects Simple Pizza Ordering System SQL Injection Vulnerability"

CVE ID : CVE-2025-6357
Published : June 20, 2025, 6:15 p.m. | 3 hours, 55 minutes ago
Description : A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /paymentportal.php. The manipulation of the argument person leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 18:15:00 GMT

read more

CVE-2025-2443 - GitLab EE Cross-Site Scripting and Content Security Policy Bypass Vulnerability

CVE ID : CVE-2025-2443
Published : June 20, 2025, 6:15 p.m. | 3 hours, 9 minutes ago
Description : An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 18:15:00 GMT

read more

CVE-2025-46158 - RedoxOS Kernel Denial of Service Vulnerability

CVE ID : CVE-2025-46158
Published : June 20, 2025, 6:15 p.m. | 3 hours, 9 minutes ago
Description : An issue in redoxOS kernel before commit 5d41cd7c allows a local attacker to cause a denial of service via the `setitimer` syscall
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 18:15:00 GMT

read more

CVE-2025-52484 - RISC Zero RISC-V Instruction Register Confusion Vulnerability

CVE ID : CVE-2025-52484
Published : June 20, 2025, 6:15 p.m. | 3 hours, 9 minutes ago
Description : RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The main idea for the attack is to confuse the RISC-V virtual machine into treating the value of the rs1 register as the same as the rs2 register due to a lack of constraints in the rv32im circuit. Rust applications using the risc0-zkvm crate at versions 2.0.0, 2.0.1, and 2.0.2 should upgrade to version 2.1.0. Smart contract applications using the official RISC Zero Verifier Router do not need to take any action: zkVM version 2.1 is active on all official routers, and version 2.0 has been disabled. Smart contract applications not using the verifier router should update their contracts to send verification calls to the 2.1 version of the verifier.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 18:15:00 GMT

read more

CVE-2025-44635 - H3C Router Remote Command Execution Vulnerability

CVE ID : CVE-2025-44635
Published : June 20, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : There are multiple unauthorized remote command execution vulnerabilities in the H3C ER2200G2, ERG2-450W, ERG2-1200W, ERG2-1350W, NR1200W series routers before ERG2AW-MNW100-R1117; H3C ER3100G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2, ER6300G2, ER8300G2, ER8300G2-X series routers before ERHMG2-MNW100-R1126; GR3200, GR5200, GR8300 and other series routers before MiniGR1B0V100R018L50; GR-1800AX before MiniGRW1B0V100R009L50; GR-3000AX before SWBRW1A0V100R007L50; and GR-5400AX before SWBRW1B0V100R009L50. Attackers can bypass authentication by including specially crafted text in the request URL or message header, and then inject arbitrary malicious commands into some fields related to ACL access control list and user group functions and execute to obtain the highest ROOT privileges of remote devices, thereby completely taking over the remote target devices.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 17:15:00 GMT

read more

CVE-2025-48059 - PowSyBl ReDoS Vulnerability in RegexCriterion Class

CVE ID : CVE-2025-48059
Published : June 20, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an Identifiable object via Pattern.compile(regex).matcher(id).find(). If successfully exploited, a malicious actor can cause significant CPU exhaustion through repeated or recursive filter(...) calls — especially if performed over large network models or filtering operations. This issue has been patched in com.powsybl:powsybl-iidm-criteria 6.7.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 17:15:00 GMT

read more

CVE-2025-49132 - Pterodactyl Unauthenticated Remote Code Execution Vulnerability

CVE ID : CVE-2025-49132
Published : June 20, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 17:15:00 GMT

read more

CVE-2025-6353 - Code-projects Responsive Blog Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6353
Published : June 20, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 17:15:00 GMT

read more

CVE-2025-6354 - Code-projects Online Shoe Store SQL Injection

CVE ID : CVE-2025-6354
Published : June 20, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/customer_signup.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 17:15:00 GMT

read more

CVE-2025-6355 - SourceCodester Online Hotel Reservation System SQL Injection

CVE ID : CVE-2025-6355
Published : June 20, 2025, 5:15 p.m. | 2 hours, 8 minutes ago
Description : A vulnerability has been found in SourceCodester Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execeditroom.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 17:15:00 GMT

read more

CVE-2025-44203 - HotelDruid SQL Injection and DoS Vulnerability

CVE ID : CVE-2025-44203
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-45331 - Brplot Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-45331
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : brplot v420.69.1 contains a Null Pointer Dereference (NPD) vulnerability in the br_dagens_handle_once function of its data processing module, leading to unpredictable program behavior, causing segmentation faults, and program crashes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-45890 - Novel Plus Directory Traversal Code Execution Vulnerability

CVE ID : CVE-2025-45890
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-5416 - Keycloak Information Disclosure Vulnerability

CVE ID : CVE-2025-5416
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-6193 - TrustyAI Explainability Command Injection Vulnerability

CVE ID : CVE-2025-6193
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-6347 - Code-Projects Responsive Blog Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6347
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-6351 - iSourcecode Employee Record Management System SQL Injection

CVE ID : CVE-2025-6351
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability was found in itsourcecode Employee Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editprofile.php. The manipulation of the argument emp1name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-6352 - "Code-projects Automated Voting System Remote Code Execution Vulnerability"

CVE ID : CVE-2025-6352
Published : June 20, 2025, 4:15 p.m. | 3 hours, 9 minutes ago
Description : A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 16:15:00 GMT

read more

CVE-2025-52822 - Iqonic Design WP Roadmap SQL Injection Vulnerability

CVE ID : CVE-2025-52822
Published : June 20, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WP Roadmap allows SQL Injection. This issue affects WP Roadmap: from n/a through 2.1.3.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52825 - Rameez Iqbal Real Estate Manager CSRF Privilege Escalation

CVE ID : CVE-2025-52825
Published : June 20, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager allows Privilege Escalation. This issue affects Real Estate Manager: from n/a through 7.3.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-6345 - SourceCodester My Food Recipe Cross Site Scripting Vulnerability

CVE ID : CVE-2025-6345
Published : June 20, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-6346 - SourceCodester Advance Charity Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6346
Published : June 20, 2025, 3:15 p.m. | 4 hours, 9 minutes ago
Description : A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52791 - Devfelixmoira Knowledge Base Maker CSRF Stored XSS

CVE ID : CVE-2025-52791
Published : June 20, 2025, 3:15 p.m. | 2 hours, 53 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in devfelixmoira Knowledge Base – Knowledge Base Maker allows Stored XSS. This issue affects Knowledge Base – Knowledge Base Maker: from n/a through 1.1.8.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52792 - Vgstef WP User Stylesheet Switcher CSRF Stored XSS

CVE ID : CVE-2025-52792
Published : June 20, 2025, 3:15 p.m. | 2 hours, 53 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher allows Stored XSS. This issue affects WP User Stylesheet Switcher: from n/a through v2.2.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52793 - Esselink.nu CSRF and XSS

CVE ID : CVE-2025-52793
Published : June 20, 2025, 3:15 p.m. | 2 hours, 53 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Esselink.nu Esselink.nu Settings allows Reflected XSS. This issue affects Esselink.nu Settings: from n/a through 2.94.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52794 - Creative-Solutions Creative Contact Form CSRF Stored XSS

CVE ID : CVE-2025-52794
Published : June 20, 2025, 3:15 p.m. | 2 hours, 53 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Creative-Solutions Creative Contact Form allows Stored XSS. This issue affects Creative Contact Form: from n/a through 1.0.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52795 - Aharonyan WP Front User Submit/Front Editor CSRF

CVE ID : CVE-2025-52795
Published : June 20, 2025, 3:15 p.m. | 2 hours, 53 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in aharonyan WP Front User Submit / Front Editor allows Cross Site Request Forgery. This issue affects WP Front User Submit / Front Editor: from n/a through 4.9.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52802 - EnguerranWS Import YouTube videos as WP Posts Missing Authorization Vulnerability

CVE ID : CVE-2025-52802
Published : June 20, 2025, 3:15 p.m. | 2 hours, 53 minutes ago
Description : Missing Authorization vulnerability in enguerranws Import YouTube videos as WP Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Import YouTube videos as WP Posts: from n/a through 2.1.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52821 - Thanhtungtnt Video List Manager SQL Injection

CVE ID : CVE-2025-52821
Published : June 20, 2025, 3:15 p.m. | 2 hours, 53 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in thanhtungtnt Video List Manager allows SQL Injection. This issue affects Video List Manager: from n/a through 1.7.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52781 - Beee TinyNav CSRF Stored XSS

CVE ID : CVE-2025-52781
Published : June 20, 2025, 3:15 p.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52782 - King Rayhan Scroll UP Cross-site Scripting Vulnerability

CVE ID : CVE-2025-52782
Published : June 20, 2025, 3:15 p.m. | 2 hours, 8 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in King Rayhan Scroll UP allows Reflected XSS. This issue affects Scroll UP: from n/a through 2.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52783 - WooCommerce Change Cart Button Colors CSRF Stored XSS

CVE ID : CVE-2025-52783
Published : June 20, 2025, 3:15 p.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in themelocation Change Cart button Colors WooCommerce allows Stored XSS. This issue affects Change Cart button Colors WooCommerce: from n/a through 1.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52784 - Hideoguchi Bluff Post CSRF Stored XSS

CVE ID : CVE-2025-52784
Published : June 20, 2025, 3:15 p.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in hideoguchi Bluff Post allows Stored XSS. This issue affects Bluff Post: from n/a through 1.1.1.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52789 - Lewe ChordPress CSRF Stored XSS

CVE ID : CVE-2025-52789
Published : June 20, 2025, 3:15 p.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in George Lewe Lewe ChordPress allows Stored XSS. This issue affects Lewe ChordPress: from n/a through 3.9.7.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52790 - WP-DownloadCounter CSRF Stored XSS

CVE ID : CVE-2025-52790
Published : June 20, 2025, 3:15 p.m. | 2 hours, 8 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in r-win WP-DownloadCounter allows Stored XSS. This issue affects WP-DownloadCounter: from n/a through 1.01.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52710 - Ninja Team File Manager Pro Cross-site Scripting (XSS)

CVE ID : CVE-2025-52710
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ninja Team File Manager Pro allows Stored XSS. This issue affects File Manager Pro: from n/a through 1.8.8.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52711 - BoldGrid Post and Page Builder CSRF

CVE ID : CVE-2025-52711
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Cross Site Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52713 - BoldGrid Post and Page Builder SSRF

CVE ID : CVE-2025-52713
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Server Side Request Forgery. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.27.8.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52715 - RadiusTheme Classified Listing PHP Remote File Inclusion Vulnerability

CVE ID : CVE-2025-52715
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing allows PHP Local File Inclusion. This issue affects Classified Listing: from n/a through 4.2.0.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52719 - Metagauss ProfileGrid Information Exposure Vulnerability

CVE ID : CVE-2025-52719
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss ProfileGrid allows Retrieve Embedded Sensitive Data. This issue affects ProfileGrid : from n/a through 5.9.5.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52733 - Anonform Ab ANON::form DOM-Based Cross-site Scripting Vulnerability

CVE ID : CVE-2025-52733
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anonform Ab ANON::form embedded secure form allows DOM-Based XSS. This issue affects ANON::form embedded secure form: from n/a through 1.7.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52772 - Adnan Haque (a11n) Virtual Moderator CSRF/XSS

CVE ID : CVE-2025-52772
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-52780 - Logo Manager For Samandehi CSRF Stored XSS

CVE ID : CVE-2025-52780
Published : June 20, 2025, 3:15 p.m. | 52 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Mohammad Parsa Logo Manager For Samandehi allows Stored XSS. This issue affects Logo Manager For Samandehi: from n/a through 0.5.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 15:15:00 GMT

read more

CVE-2025-6340 - School Fees Payment System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6340
Published : June 20, 2025, 1:15 p.m. | 1 hour, 6 minutes ago
Description : A vulnerability classified as problematic has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the argument Branch/Address/Detail leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 13:15:00 GMT

read more

CVE-2025-6341 - Code-projects School Fees Payment System Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-6341
Published : June 20, 2025, 1:15 p.m. | 1 hour, 6 minutes ago
Description : A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 13:15:00 GMT

read more

CVE-2025-38083 - Linux Kernel NetSched Prio Race Condition Underflow

CVE ID : CVE-2025-38083
Published : June 20, 2025, 12:15 p.m. | 2 hours, 6 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU 1 [1]: lock root [2]: qdisc_tree_flush_backlog() [3]: unlock root | | [5]: lock root | [6]: rehash | [7]: qdisc_tree_reduce_backlog() | [4]: qdisc_put() This can be abused to underflow a parent's qlen. Calling qdisc_purge_queue() instead of qdisc_tree_flush_backlog() should fix the race, because all packets will be purged from the qdisc before releasing the lock.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 12:15:00 GMT

read more

CVE-2025-4102 - Beaver Builder Plugin for WordPress Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-4102
Published : June 20, 2025, 12:15 p.m. | 2 hours, 6 minutes ago
Description : The Beaver Builder Plugin (Starter Version) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_enabled_icons' function in all versions up to, and including, 2.9.1. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 2.9.1.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 12:15:00 GMT

read more

CVE-2025-6336 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-6336
Published : June 20, 2025, 12:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. It has been classified as critical. Affected is an unknown function of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 12:15:00 GMT

read more

CVE-2025-6337 - TOTOLINK A3002R/A3002RU HTTP POST Request Handler Buffer Overflow

CVE ID : CVE-2025-6337
Published : June 20, 2025, 12:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 12:15:00 GMT

read more

CVE-2025-6339 - Ponaravindb Hospital Management System SQL Injection

CVE ID : CVE-2025-6339
Published : June 20, 2025, 12:15 p.m. | 2 hours, 6 minutes ago
Description : A vulnerability was found in ponaravindb Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /func3.php. The manipulation of the argument username1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 12:15:00 GMT

read more

CVE-2025-4981 - Mattermost File Upload Path Traversal and RCE Vulnerability

CVE ID : CVE-2025-4981
Published : June 20, 2025, 11:15 a.m. | 3 hours, 6 minutes ago
Description : Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 11:15:00 GMT

read more

CVE-2025-6332 - PHPGurukul Directory Management System SQL Injection

CVE ID : CVE-2025-6332
Published : June 20, 2025, 11:15 a.m. | 3 hours, 6 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Directory Management System 2.0. Affected by this issue is some unknown functionality of the file /admin/manage-directory.php. The manipulation of the argument del leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 11:15:00 GMT

read more

CVE-2025-6333 - PHPGurukul Directory Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6333
Published : June 20, 2025, 11:15 a.m. | 3 hours, 6 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Directory Management System 2.0. This affects an unknown part of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 11:15:00 GMT

read more

CVE-2025-6334 - D-Link DIR-867 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6334
Published : June 20, 2025, 11:15 a.m. | 3 hours, 6 minutes ago
Description : A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 11:15:00 GMT

read more

CVE-2025-6335 - DedeCMS Template Handler Command Injection Vulnerability

CVE ID : CVE-2025-6335
Published : June 20, 2025, 11:15 a.m. | 3 hours, 6 minutes ago
Description : A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 11:15:00 GMT

read more

CVE-2025-5255 - Apple macOS Phoenix Code Dynamic Library Injection Vulnerability

CVE ID : CVE-2025-5255
Published : June 20, 2025, 10:15 a.m. | 4 hours, 6 minutes ago
Description : The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 10:15:00 GMT

read more

CVE-2025-5963 - Postbox macOS Dylib Injection Vulnerability

CVE ID : CVE-2025-5963
Published : June 20, 2025, 10:15 a.m. | 4 hours, 6 minutes ago
Description : The Postbox's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. The original company behind Postbox is no longer operational, the software will no longer receive updates. The acquiring company (em Client) did not cooperate in vulnerability disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 10:15:00 GMT

read more

CVE-2025-6328 - D-Link DIR-815 Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6328
Published : June 20, 2025, 10:15 a.m. | 4 hours, 6 minutes ago
Description : A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 10:15:00 GMT

read more

CVE-2025-6329 - ScriptAndTools Real Estate Management System User Delete Handler Authorization Bypass

CVE ID : CVE-2025-6329
Published : June 20, 2025, 10:15 a.m. | 4 hours, 6 minutes ago
Description : A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 10:15:00 GMT

read more

CVE-2025-6330 - PHPGurukul Directory Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6330
Published : June 20, 2025, 10:15 a.m. | 4 hours, 6 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Directory Management System 1.0. Affected is an unknown function of the file /searchdata.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 10:15:00 GMT

read more

CVE-2025-6331 - PHPGurukul Directory Management System SQL Injection

CVE ID : CVE-2025-6331
Published : June 20, 2025, 10:15 a.m. | 4 hours, 6 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-directory.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 10:15:00 GMT

read more

CVE-2025-6257 - WordPress Euro FxRef Currency Converter Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6257
Published : June 20, 2025, 9:15 a.m. | 5 hours, 6 minutes ago
Description : The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's currency shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 09:15:00 GMT

read more

CVE-2025-6320 - PHPGurukul Pre-School Enrollment System SQL Injection

CVE ID : CVE-2025-6320
Published : June 20, 2025, 9:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability, which was classified as critical, was found in PHPGurukul Pre-School Enrollment System 1.0. Affected is an unknown function of the file /admin/add-class.php. The manipulation of the argument classname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 09:15:00 GMT

read more

CVE-2025-6321 - PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

CVE ID : CVE-2025-6321
Published : June 20, 2025, 9:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 09:15:00 GMT

read more

CVE-2025-6322 - PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

CVE ID : CVE-2025-6322
Published : June 20, 2025, 9:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visit.php. The manipulation of the argument gname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 09:15:00 GMT

read more

CVE-2025-6323 - PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

CVE ID : CVE-2025-6323
Published : June 20, 2025, 9:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file /enrollment.php. The manipulation of the argument fathername leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 09:15:00 GMT

read more

CVE-2025-6318 - PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

CVE ID : CVE-2025-6318
Published : June 20, 2025, 8:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. This vulnerability affects unknown code of the file /admin/check_availability.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 08:15:00 GMT

read more

CVE-2025-6319 - PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

CVE ID : CVE-2025-6319
Published : June 20, 2025, 8:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. This issue affects some unknown processing of the file /admin/add-teacher.php. The manipulation of the argument tsubject leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 08:15:00 GMT

read more

CVE-2025-6317 - Code-projects Online Shoe Store SQL Injection Vulnerability

CVE ID : CVE-2025-6317
Published : June 20, 2025, 8:15 a.m. | 5 hours, 7 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/confirm.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 08:15:00 GMT

read more

CVE-2025-6316 - Code-projects Online Shoe Store SQL Injection Vulnerability

CVE ID : CVE-2025-6316
Published : June 20, 2025, 7:15 a.m. | 6 hours, 7 minutes ago
Description : A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/admin_running.php. The manipulation of the argument qty leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 07:15:00 GMT

read more

CVE-2025-50054 - OpenVPN Buffer Overflow

CVE ID : CVE-2025-50054
Published : June 20, 2025, 7:15 a.m. | 5 hours, 6 minutes ago
Description : Buffer overflow in OpenVPN ovpn-dco-win version 1.3.0 and earlier and version 2.5.8 and earlier allows a local user process to send a too large control message buffer to the kernel driver resulting in a system crash
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 07:15:00 GMT

read more

CVE-2025-6313 - Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE ID : CVE-2025-6313
Published : June 20, 2025, 7:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/cat_add.php. The manipulation of the argument Category leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 07:15:00 GMT

read more

CVE-2025-6314 - Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE ID : CVE-2025-6314
Published : June 20, 2025, 7:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/cat_update.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 07:15:00 GMT

read more

CVE-2025-6315 - "Code-projects Online Shoe Store SQL Injection Vulnerability"

CVE ID : CVE-2025-6315
Published : June 20, 2025, 7:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cart2.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 07:15:00 GMT

read more

CVE-2025-6312 - Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE ID : CVE-2025-6312
Published : June 20, 2025, 6:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/cash_transaction.php. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 06:15:00 GMT

read more

CVE-2025-5125 - Owl WordPress Custom Post Carousels Featherlight Unsanitized Attribute Vulnerability

CVE ID : CVE-2025-5125
Published : June 20, 2025, 6:15 a.m. | 5 hours, 7 minutes ago
Description : The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 06:15:00 GMT

read more

CVE-2025-6311 - Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE ID : CVE-2025-6311
Published : June 20, 2025, 6:15 a.m. | 5 hours, 7 minutes ago
Description : A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/account_add.php. The manipulation of the argument id/amount leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 06:15:00 GMT

read more

CVE-2025-6308 - PHPGurukul Emergency Ambulance Hiring Portal SQL Injection Vulnerability

CVE ID : CVE-2025-6308
Published : June 20, 2025, 5:15 a.m. | 6 hours, 7 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/bwdates-request-report-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 05:15:00 GMT

read more

CVE-2025-6309 - PHPGurukul Emergency Ambulance Hiring Portal SQL Injection Vulnerability

CVE ID : CVE-2025-6309
Published : June 20, 2025, 5:15 a.m. | 6 hours, 7 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-ambulance.php. The manipulation of the argument ambregnum leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 05:15:00 GMT

read more

CVE-2025-6310 - PHPGurukul Emergency Ambulance Hiring Portal SQL Injection Vulnerability

CVE ID : CVE-2025-6310
Published : June 20, 2025, 5:15 a.m. | 6 hours, 7 minutes ago
Description : A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 05:15:00 GMT

read more

CVE-2025-6307 - Code-projects Online Shoe Store SQL Injection Vulnerability

CVE ID : CVE-2025-6307
Published : June 20, 2025, 5:15 a.m. | 4 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /function/edit_customer.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 05:15:00 GMT

read more

CVE-2025-6304 - Code-projects Online Shoe Store SQL Injection

CVE ID : CVE-2025-6304
Published : June 20, 2025, 4:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /cart.php. The manipulation of the argument qty[] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 04:15:00 GMT

read more

CVE-2025-6305 - Code-projects Online Shoe Store SQL Injection Vulnerability

CVE ID : CVE-2025-6305
Published : June 20, 2025, 4:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_feature.php. The manipulation of the argument product_code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 04:15:00 GMT

read more

CVE-2025-6306 - Code-projects Online Shoe Store SQL Injection Vulnerability

CVE ID : CVE-2025-6306
Published : June 20, 2025, 4:15 a.m. | 5 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Online Shoe Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin_index.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 04:15:00 GMT

read more

CVE-2025-6264 - Velociraptor Unauthorized Artifact Collection and Execution Vulnerability

CVE ID : CVE-2025-6264
Published : June 20, 2025, 3:15 a.m. | 6 hours, 6 minutes ago
Description : Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions.  To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the "Investigator" role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the "Investigator' role).
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 03:15:00 GMT

read more

CVE-2025-6299 - TOTOLINK N150RT Os Command Injection Vulnerability

CVE ID : CVE-2025-6299
Published : June 20, 2025, 3:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 03:15:00 GMT

read more

CVE-2025-6300 - PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6300
Published : June 20, 2025, 3:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. This vulnerability affects unknown code of the file /admin/editempeducation.php. The manipulation of the argument yopgra leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 03:15:00 GMT

read more

CVE-2025-6301 - PHPGurukul Notice Board System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6301
Published : June 20, 2025, 3:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /admin/manage-notices.php of the component Add Notice. The manipulation of the argument Title/Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 03:15:00 GMT

read more

CVE-2025-6302 - TOTOLINK EX1200T Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6302
Published : June 20, 2025, 3:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 03:15:00 GMT

read more

CVE-2025-6303 - Code-projects Online Shoe Store SQL Injection Vulnerability

CVE ID : CVE-2025-6303
Published : June 20, 2025, 3:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability has been found in code-projects Online Shoe Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /contactus1.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 03:15:00 GMT

read more

CVE-2025-6296 - Apache Hostel Management System SQL Injection

CVE ID : CVE-2025-6296
Published : June 20, 2025, 2:15 a.m. | 7 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /empty_rooms.php. The manipulation of the argument search_box leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 02:15:00 GMT

read more

CVE-2025-6295 - Code-projects Hostel Management System SQL Injection

CVE ID : CVE-2025-6295
Published : June 20, 2025, 2:15 a.m. | 6 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /allocated_rooms.php. The manipulation of the argument search_box leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 02:15:00 GMT

read more

CVE-2025-6293 - Code-projects Hostel Management System SQL Injection

CVE ID : CVE-2025-6293
Published : June 20, 2025, 1:15 a.m. | 7 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /contact_manager.php. The manipulation of the argument student_roll_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 01:15:00 GMT

read more

CVE-2025-6294 - Code-projects Hostel Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6294
Published : June 20, 2025, 1:15 a.m. | 7 hours, 6 minutes ago
Description : A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact.php. The manipulation of the argument hostel_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 01:15:00 GMT

read more

CVE-2025-48058 - PowSyBl Regular Expression Denial of Service (ReDoS)

CVE ID : CVE-2025-48058
Published : June 20, 2025, 1:15 a.m. | 6 hours, 5 minutes ago
Description : PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause significant CPU consumption due to regex backtracking — even with polynomial patterns. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 01:15:00 GMT

read more

CVE-2025-49715 - Dynamics 365 Information Disclosure Vulnerability

CVE ID : CVE-2025-49715
Published : June 20, 2025, 1:15 a.m. | 6 hours, 5 minutes ago
Description : Exposure of private personal information to an unauthorized actor in Dynamics 365 FastTrack Implementation Assets allows an unauthorized attacker to disclose information over a network.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 01:15:00 GMT

read more

CVE-2025-6288 - PHPGurukul Bus Pass Management System Cross Site Scripting (XSS)

CVE ID : CVE-2025-6288
Published : June 20, 2025, 1:15 a.m. | 6 hours, 5 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. The attack may be launched remotely.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 01:15:00 GMT

read more

CVE-2025-6291 - D-Link DIR-825 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6291
Published : June 20, 2025, 1:15 a.m. | 6 hours, 5 minutes ago
Description : A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 01:15:00 GMT

read more

CVE-2025-6292 - D-Link DIR-825 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6292
Published : June 20, 2025, 1:15 a.m. | 6 hours, 5 minutes ago
Description : A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 01:15:00 GMT

read more

CVE-2025-47771 - PowSyBl SparseMatrix Deserialization Privilege Escalation Vulnerability

CVE ID : CVE-2025-47771
Published : June 20, 2025, 12:15 a.m. | 5 hours, 44 minutes ago
Description : PowSyBl (Power System Blocks) is a framework to build power system oriented software. In versions 6.3.0 to 6.7.1, there is a deserialization issue in the read method of the SparseMatrix class that can lead to a wide range of privilege escalations depending on the circumstances. This method takes in an InputStream and returns a SparseMatrix object. This issue has been patched in com.powsybl:powsybl-math: 6.7.2. A workaround for this issue involves not using SparseMatrix deserialization (SparseMatrix.read(...) methods).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 00:15:00 GMT

read more

CVE-2025-6287 - PHPGurukul COVID19 Testing Management System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-6287
Published : June 20, 2025, 12:15 a.m. | 5 hours, 44 minutes ago
Description : A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Fri, 20 Jun 2025 00:15:00 GMT

read more

CVE-2025-6286 - PHPGurukul COVID19 Testing Management System Open Redirect Vulnerability

CVE ID : CVE-2025-6286
Published : June 19, 2025, 11:15 p.m. | 6 hours, 44 minutes ago
Description : A vulnerability classified as problematic has been found in PHPGurukul COVID19 Testing Management System 2021. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument q leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 23:15:00 GMT

read more

CVE-2025-6283 - Xataio Xata Agent Path Traversal Vulnerability

CVE ID : CVE-2025-6283
Published : June 19, 2025, 11:15 p.m. | 6 hours, 5 minutes ago
Description : A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 23:15:00 GMT

read more

CVE-2025-6284 - PHPGurukul Car Rental Portal Cross-Site Request Forgery Vulnerability

CVE ID : CVE-2025-6284
Published : June 19, 2025, 11:15 p.m. | 6 hours, 5 minutes ago
Description : A vulnerability was found in PHPGurukul Car Rental Portal 3.0. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 23:15:00 GMT

read more

CVE-2025-6285 - PHPGurukul COVID19 Testing Management System PHP Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6285
Published : June 19, 2025, 11:15 p.m. | 6 hours, 5 minutes ago
Description : A vulnerability was found in PHPGurukul COVID19 Testing Management System 2021. It has been rated as problematic. This issue affects some unknown processing of the file /search-report-result.php. The manipulation of the argument q leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 23:15:00 GMT

read more

CVE-2025-6282 - Xlang-ai OpenAgents Path Traversal Vulnerability

CVE ID : CVE-2025-6282
Published : June 19, 2025, 10:15 p.m. | 7 hours, 5 minutes ago
Description : A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label "not planned" by a bot.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 22:15:00 GMT

read more

CVE-2025-47293 - PowSyBl XML Entity Injection and SSRF Vulnerability

CVE ID : CVE-2025-47293
Published : June 19, 2025, 10:15 p.m. | 5 hours, 44 minutes ago
Description : PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, in certain places, powsybl-core XML parsing is vulnerable to an XML external entity (XXE) attack and to a server-side request forgery (SSRF) attack. This allows an attacker to elevate their privileges to read files that they do not have permissions to, including sensitive files on the system. The vulnerable class is com.powsybl.commons.xml.XmlReader which is considered to be untrusted in use cases where untrusted users can submit their XML to the vulnerable methods. This can be a multi-tenant application that hosts many different users perhaps with different privilege levels. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 22:15:00 GMT

read more

CVE-2025-6280 - TransformerOptimus SuperAGI EmailToolKit Path Traversal Vulnerability

CVE ID : CVE-2025-6280
Published : June 19, 2025, 10:15 p.m. | 5 hours, 44 minutes ago
Description : A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function download_attachment of the file SuperAGI/superagi/helper/read_email.py of the component EmailToolKit. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 22:15:00 GMT

read more

CVE-2025-6281 - OpenBMB XAgent Path Traversal Vulnerability

CVE ID : CVE-2025-6281
Published : June 19, 2025, 10:15 p.m. | 5 hours, 44 minutes ago
Description : A vulnerability has been found in OpenBMB XAgent up to 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /conv/community. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 22:15:00 GMT

read more

CVE-2025-6277 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-6277
Published : June 19, 2025, 9:15 p.m. | 5 hours, 20 minutes ago
Description : A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 21:15:00 GMT

read more

CVE-2025-6278 - Upsonic Path Traversal Vulnerability

CVE ID : CVE-2025-6278
Published : June 19, 2025, 9:15 p.m. | 5 hours, 20 minutes ago
Description : A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 21:15:00 GMT

read more

CVE-2025-6279 - Upsonic Pickle Handler Deserialization Vulnerability

CVE ID : CVE-2025-6279
Published : June 19, 2025, 9:15 p.m. | 5 hours, 20 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Upsonic up to 0.55.6. This issue affects the function cloudpickle.loads of the file /tools/add_tool of the component Pickle Handler. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 21:15:00 GMT

read more

CVE-2025-6384 - CrafterCMS Groovy Sandbox Bypass Remote Code Execution

CVE ID : CVE-2025-6384
Published : June 19, 2025, 9:15 p.m. | 5 hours, 20 minutes ago
Description : Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Execution). This issue affects CrafterCMS: from 4.0.0 through 4.2.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 21:15:00 GMT

read more

CVE-2025-6275 - WebAssembly wabt Use After Free Vuln

CVE ID : CVE-2025-6275
Published : June 19, 2025, 8:15 p.m. | 6 hours, 20 minutes ago
Description : A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 20:15:00 GMT

read more

CVE-2025-6276 - Brilliance Golden Link Secondary System SQL Injection Vulnerability

CVE ID : CVE-2025-6276
Published : June 19, 2025, 8:15 p.m. | 6 hours, 20 minutes ago
Description : A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 20:15:00 GMT

read more

CVE-2025-6273 - WebAssembly wabt Reachable Assertion Vulnerability

CVE ID : CVE-2025-6273
Published : June 19, 2025, 7:15 p.m. | 6 hours, 4 minutes ago
Description : A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 19:15:00 GMT

read more

CVE-2025-6274 - WebAssembly wabt Resource Consumption Vulnerability

CVE ID : CVE-2025-6274
Published : June 19, 2025, 7:15 p.m. | 6 hours, 4 minutes ago
Description : A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 19:15:00 GMT

read more

CVE-2025-33117 - IBM QRadar SIEM Command Injection Vulnerability

CVE ID : CVE-2025-33117
Published : June 19, 2025, 6:15 p.m. | 7 hours, 4 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 18:15:00 GMT

read more

CVE-2025-33121 - IBM QRadar SIEM XXE Injection

CVE ID : CVE-2025-33121
Published : June 19, 2025, 6:15 p.m. | 7 hours, 4 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 18:15:00 GMT

read more

CVE-2025-36050 - IBM QRadar SIEM Information Disclosure

CVE ID : CVE-2025-36050
Published : June 19, 2025, 6:15 p.m. | 7 hours, 4 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 18:15:00 GMT

read more

CVE-2025-6271 - Swftools wav2swf Out-of-Bounds Read Vulnerability

CVE ID : CVE-2025-6271
Published : June 19, 2025, 6:15 p.m. | 7 hours, 4 minutes ago
Description : A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 18:15:00 GMT

read more

CVE-2025-6272 - wasm3 Out-of-Bounds Write Vulnerability

CVE ID : CVE-2025-6272
Published : June 19, 2025, 6:15 p.m. | 7 hours, 4 minutes ago
Description : A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 18:15:00 GMT

read more

CVE-2025-50200 - RabbitMQ Basic Authentication Header Logging Vulnerability

CVE ID : CVE-2025-50200
Published : June 19, 2025, 5:15 p.m. | 8 hours, 4 minutes ago
Description : RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. This issue has been patched in version 4.0.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 17:15:00 GMT

read more

CVE-2025-6270 - HDF5 Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6270
Published : June 19, 2025, 5:15 p.m. | 8 hours, 4 minutes ago
Description : A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 17:15:00 GMT

read more

CVE-2006-2192 - CVE-2022-0001: Cisco Webex Meeting Server Integer Overflow Vulnerability

CVE ID : CVE-2006-2192
Published : June 19, 2025, 4:15 p.m. | 7 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 16:15:00 GMT

read more

CVE-2025-52464 - Meshtastic Public/Private Key Duplications and Low-Entropy Generation Vulnerability

CVE ID : CVE-2025-52464
Published : June 19, 2025, 4:15 p.m. | 7 hours, 3 minutes ago
Description : Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some platforms, leading to possible low-entropy key generation. When users with an affected key pair sent Direct Messages, those message could be captured and decrypted by an attacker that has compiled the list of compromised keys. This issue has been patched in version 2.6.11 where key generation is delayed til the first time the LoRa region is set, along with warning users when a compromised key is detected. Version 2.6.12 furthers this patch by automatically wiping known compromised keys when found. A workaround to this vulnerability involves users doing a complete device wipe to remove vendor-cloned keys.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 16:15:00 GMT

read more

CVE-2025-6269 - HDF5 Heap-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-6269
Published : June 19, 2025, 4:15 p.m. | 7 hours, 3 minutes ago
Description : A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 16:15:00 GMT

read more

CVE-2025-48886 - Cardano Hydra L1 Event Finality Vulnerability

CVE ID : CVE-2025-48886
Published : June 19, 2025, 3:15 p.m. | 8 hours, 3 minutes ago
Description : Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those events as finalized as soon as they are recognized by the node participants making such transactions the target of re-org attacks. The system does not currently consider the fact that failed transactions on the Cardano L1 can indeed appear in blocks because these transactions are so infrequent. This issue has been patched in version 0.22.0.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 15:15:00 GMT

read more

CVE-2025-49014 - jq Heap Use After Free Vulnerability

CVE ID : CVE-2025-49014
Published : June 19, 2025, 3:15 p.m. | 8 hours, 3 minutes ago
Description : jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 15:15:00 GMT

read more

CVE-2025-6268 - Luna Imaging Cross Site Scripting Vulnerability

CVE ID : CVE-2025-6268
Published : June 19, 2025, 3:15 p.m. | 8 hours, 3 minutes ago
Description : A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 15:15:00 GMT

read more

CVE-2024-24916 - Adobe Installer DLL Loading Vulnerability

CVE ID : CVE-2024-24916
Published : June 19, 2025, 2:15 p.m. | 7 hours, 38 minutes ago
Description : Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 14:15:00 GMT

read more

CVE-2025-6267 - Zhilink ADP Application Developer Platform SQL Injection Vulnerability

CVE ID : CVE-2025-6267
Published : June 19, 2025, 2:15 p.m. | 7 hours, 38 minutes ago
Description : A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 14:15:00 GMT

read more

CVE-2025-4738 - Yirmibes Software MY ERP SQL Injection

CVE ID : CVE-2025-4738
Published : June 19, 2025, 1:15 p.m. | 8 hours, 38 minutes ago
Description : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection.This issue affects MY ERP: before 1.170.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 13:15:00 GMT

read more

CVE-2025-6266 - FLIR AX8 Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-6266
Published : June 19, 2025, 12:15 p.m. | 9 hours, 38 minutes ago
Description : A vulnerability was found in FLIR AX8 up to 1.46. It has been declared as critical. This vulnerability affects unknown code of the file /upload.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 12:15:00 GMT

read more

CVE-2025-6019 - Libblockdev Polkit Local Privilege Escalation

CVE ID : CVE-2025-6019
Published : June 19, 2025, 12:15 p.m. | 9 hours, 3 minutes ago
Description : A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 12:15:00 GMT

read more

CVE-2005-2347 - CVE-2022-1234: Apache Struts XML Entity Expansion (XXE) Vulnerability

CVE ID : CVE-2005-2347
Published : June 19, 2025, 11:15 a.m. | 10 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 11:15:00 GMT

read more

CVE-2025-32896 - Apache SeaTunnel Unauthenticated Arbitrary File Read and Deserialization Vulnerability

CVE ID : CVE-2025-32896
Published : June 19, 2025, 11:15 a.m. | 10 hours, 3 minutes ago
Description : # Summary Unauthorized users can perform Arbitrary File Read and Deserialization attack by submit job using restful api-v1. # Details Unauthorized users can access `/hazelcast/rest/maps/submit-job` to submit job. An attacker can set extra params in mysql url to perform Arbitrary File Read and Deserialization attack. This issue affects Apache SeaTunnel: <=2.3.10 # Fixed Users are recommended to upgrade to version 2.3.11, and enable restful api-v2 & open https two-way authentication , which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 11:15:00 GMT

read more

CVE-2025-5234 - WordPress Gutenverse News Plugin Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5234
Published : June 19, 2025, 10:15 a.m. | 11 hours, 3 minutes ago
Description : The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 10:15:00 GMT

read more

CVE-2025-31698 - Apache Traffic Server PROXY Protocol ACL IP Address Use Vulnerability

CVE ID : CVE-2025-31698
Published : June 19, 2025, 10:15 a.m. | 9 hours, 3 minutes ago
Description : ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.  This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 10:15:00 GMT

read more

CVE-2025-49763 - Apache Traffic Server ESI Plugin Remote Memory Consumption Vulnerability

CVE ID : CVE-2025-49763
Published : June 19, 2025, 10:15 a.m. | 9 hours, 3 minutes ago
Description : ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 10:15:00 GMT

read more

CVE-2025-5071 - WordPress AI Engine Plugin Unauthenticated Privilege Escalation and Data Deletion Vulnerability

CVE ID : CVE-2025-5071
Published : June 19, 2025, 10:15 a.m. | 9 hours, 3 minutes ago
Description : The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to have full access to the MCP and run various commands like 'wp_create_user', 'wp_update_user' and 'wp_update_option', which can be used for privilege escalation, and 'wp_update_post', 'wp_delete_post', 'wp_update_comment' and 'wp_delete_comment', which can be used to edit and delete posts and comments.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 10:15:00 GMT

read more

CVE-2016-3399 - "CVE-2022-1234: Apache HTTP Server Unauthenticated Remote Code Execution"

CVE ID : CVE-2016-3399
Published : June 19, 2025, 9:15 a.m. | 10 hours, 3 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 09:15:00 GMT

read more

CVE-2025-4571 - GiveWP - Donation Plugin and Fundraising Platform Unauthenticated Data Disclosure and Modification Vulnerability

CVE ID : CVE-2025-4571
Published : June 19, 2025, 7:15 a.m. | 10 hours, 38 minutes ago
Description : The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to view or delete fundraising campaigns, view donors' data, modify campaign events, etc.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 07:15:00 GMT

read more

CVE-2025-4965 - WordPress WPBakery Page Builder Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4965
Published : June 19, 2025, 7:15 a.m. | 10 hours, 38 minutes ago
Description : The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 07:15:00 GMT

read more

CVE-2025-5490 - WordPress Football Pool Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5490
Published : June 19, 2025, 6:15 a.m. | 11 hours, 38 minutes ago
Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 06:15:00 GMT

read more

CVE-2025-5524 - OceanWP WordPress Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-5524
Published : June 19, 2025, 5:15 a.m. | 12 hours, 38 minutes ago
Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 05:15:00 GMT

read more

CVE-2025-52474 - WeGIA Web Manager SQL Injection Vulnerability

CVE ID : CVE-2025-52474
Published : June 19, 2025, 4:15 a.m. | 13 hours, 38 minutes ago
Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. This issue has been patched in version 3.4.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 04:15:00 GMT

read more

CVE-2025-4479 - ElementsKit Elementor Addons and Templates WordPress Stored Cross-Site Scripting

CVE ID : CVE-2025-4479
Published : June 19, 2025, 4:15 a.m. | 12 hours, 19 minutes ago
Description : The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 04:15:00 GMT

read more

CVE-2025-50201 - WeGIA Web Manager OS Command Injection Vulnerability

CVE ID : CVE-2025-50201
Published : June 19, 2025, 4:15 a.m. | 12 hours, 19 minutes ago
Description : WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a shell command on the server's operating system. This flaw allows an unauthenticated attacker to execute arbitrary commands on the server with the privileges of the web server user (www-data). This issue has been patched in version 3.4.2.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 04:15:00 GMT

read more

CVE-2025-4367 - WordPress Download Manager Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4367
Published : June 19, 2025, 4:15 a.m. | 11 hours, 2 minutes ago
Description : The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 04:15:00 GMT

read more

CVE-2025-4661 - Brocade Fabric OS Path Transversal Privilege Escalation Vulnerability

CVE ID : CVE-2025-4661
Published : June 19, 2025, 3:15 a.m. | 12 hours, 2 minutes ago
Description : A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading to the disclosure of sensitive information. Note: Admin level privilege is required on the switch in order to exploit
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Thu, 19 Jun 2025 03:15:00 GMT

read more

CVE-2025-50183 - OpenList Frontend Stored XSS Vulnerability

CVE ID : CVE-2025-50183
Published : June 19, 2025, 3:15 a.m. | 12 hours, 2 minutes ago
Description : OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in